I. Field of the Invention
The current invention relates to wireless communications. More particularly, the present invention relates to an improved method and system for performing authentication of a wireless mobile station with a packet data network.
II. Description of the Related Art
With the increasing popularity of both wireless communications and Internet applications, a market has arisen for products and services that combine the two. As a result, various methods and systems are under development to provide wireless Internet services, such as might allow a user of a wireless telephone or terminal to access e-mail, web pages, and other network resources. Because information on the Internet is organized into discrete xe2x80x9cpacketsxe2x80x9d of data, these services are often referred to as xe2x80x9cpacket data services.xe2x80x9d
Among the different types of wireless communication systems to be used to provide wireless packet data services are code division multiple access (CDMA) systems. The use of CDMA modulation techniques is one of several techniques for facilitating communications in which a large number of system users are present. The framing and transmission of Internet Protocol (IP) data through a CDMA wireless network is well known in the art and has been described in TIA/EIA/IS-707-A, entitled xe2x80x9cDATA SERVICE OPTIONS FOR SPREAD SPECTRUM SYSTEMSxe2x80x9d, hereafter referred to as IS-707.
Other multiple access communication system techniques, such as time division multiple access (TDMA), frequency division multiple access (FDMA) and AM modulation schemes such as amplitude companded single sideband (ACSSB) are known in the art. These techniques have been standardized to facilitate interoperation between equipment manufactured by different companies. Code division multiple access communications systems have been standardized in the United States in Telecommunications Industry Association TIA/EIA/IS-95-B, entitled xe2x80x9cMOBILE STATION-BASE STATION COMPATIBILITY STANDARD FOR DUAL-MODE WIDEBAND SPREAD SPECTRUM CELLULAR SYSTEMSxe2x80x9d, hereinafter referred to as IS-95.
The International Telecommunications Union recently requested the submission of proposed methods for providing high rate data and high-quality speech services over wireless communication channels. A first of these proposals was issued by the Telecommunications Industry Association, entitled xe2x80x9cThe cdma2000 ITU-R RTT Candidate Submissionxe2x80x9d, and hereinafter referred to as cdma2000. A second of these proposals was issued by the European Telecommunications Standards Institute (ETSI), entitled xe2x80x9cThe ETSI UMTS Terrestrial Radio Access (UTRA) ITU-R RTT Candidate Submissionxe2x80x9d, also known as xe2x80x9cwideband CDMAxe2x80x9d and hereinafter referred to as W-CDMA. A third proposal was submitted by U.S. TG 8/1 entitled xe2x80x9cThe UWC-136 Candidate Submissionxe2x80x9d, hereinafter referred to as EDGE. The contents of these submissions are public record and are well known in the art.
Several standards have been developed by the Internet Engineering Task Force (IETF) to facilitate mobile packet data services using the Internet. Mobile IP is one such standard, and was designed to allow a device having an IP address to exchange data with the Internet while physically travelling throughout a network (or networks). Mobile IP is described in detail in IETF request for comments (RFC), entitled xe2x80x98IP Mobility Support,xe2x80x99 and incorporated by reference.
Several other IETF standards set forth techniques referred to in the above named references. Point-to-Point Protocol (PPP) is well known in the art and is described in IETF RFC 1661, entitled xe2x80x9cThe Point-to-Point Protocol (PPP)xe2x80x9d and published in July 1994, hereinafter referred to as PPP. PPP includes a Link Control Protocol (LCP) and several Network Control Protocols (NCP) used for establishing and configuring different network-layer protocols over a PPP link. One such NCP is the Internet Protocol Control Protocol (IPCP), well known in the art and described in IETF RFC 1332 entitled xe2x80x9cThe PPP Internet Protocol Control Protocol (IPCP)xe2x80x9d published in May of 1992, hereinafter referred to hereinafter as IPCP. Extensions to the LCP are well known in the art and described in IETF RFC 1570, entitled xe2x80x9cPPP LCP Extensionsxe2x80x9d published in January 1994, referred to hereinafter as LCP. A method for Authentication using PPP known as Challenge Handshake Authentication Protocol (CHAP) is well known in the art and is described in IETF RFC 1994, entitled xe2x80x9cPPP Challenge Handshake Authentication Protocol (CHAP)xe2x80x9d and published in August 1996. A standardized method for identifying users and a syntax for the Network Access Identifier (NAI) used during PPP authentication is well known in the art and is described in IETF RFC 2486, entitled xe2x80x9cThe Network Access Identifierxe2x80x9d published in January, 1999. A protocol for carrying authentication, authorization, and configuration information between different network entities known as Remote Authentication Dial In User Service (RADIUS) is described in the IETF RFC 2138 of the same name, published in April 1997, and is also well known in the art. An Authentication, Authorization, and Accounting (AAA) server is a term known in the art, and refers to a server capable of providing Authentication, Authorization, and Accounting services. A RADIUS server is a type of AAA server.
As discussed above, there is a desire in the art for providing access to the Internet from wireless mobile devices. Existing authentication methods are thus far insufficient for providing authentication for a diverse set of mobile stations in a wireless network. There is therefore a need in the art to develop a method for performing authentication between a mobile station using packet data services and authentication servers in the network.
The present invention provides a method and apparatus for allowing a mobile station in a wireless network to perform network authentication in association with mobile packet data services. A packet data serving node (PDSN) supports authentication by buffering the contents of a CHAP challenge response message, and subsequently generating a CHAP success message based solely on the contents of the received CHAP challenge response message. The PDSN does not authenticate the mobile station with an authentication server prior to sending the CHAP success message. Rather, a mobile station is authenticated via an authentication server after the PDSN receives an IPCP message indicating whether or not the mobile station desires to use Mobile IP in the current session. If the mobile station desires to use Mobile IP, the PDSN uses authentication techniques in accordance with Mobile IP protocols. In the preferred embodiment, if the mobile station does not desire to use Mobile IP, the PDSN authenticates the mobile station querying an authentication server with the buffered contents of the aforementioned CHAP challenge response.
The methods and techniques disclosed herein may be used in junction with several alternate modulation techniques, including TDMA, cdma2000, WCDMA, and EDGE without departing from the present invention.